This article outlines the secure deployment procedure dedicated to your Microsoft 365 email service.
The settings will be applied by running a PowerShell Script downloaded from your console.
Note: This configuration applies only to email environments that are not in a hybrid setup.
1. Define the Destination Mail Server:
To deliver filtered messages to Microsoft 365, enter the mail server of the relevant domain.
For example: yourdomain-com.mail.protection.outlook.com
- Log in to the domain management interface at: https://www.security-mail.net/
- Enter your username and password.
- Navigate to (Configuration => Domain Settings => Delivery/SMTP) and update the destination mail server (your Microsoft 365 server).
2. Modify DNS records (SPF, DKIM & DMARC):
To legitimize email sending through e-securemail servers, you will need to add the following records:
Adding the SPF Record
The SPF record is a line you need to add to your DNS server to prevent email spoofing. This helps reduce the risk of your domain being used for spam.
Here is the information you need to add through your registrar (e.g., Gandi, 1&1, OVH) to create the TXT record for the domain "your-domain-name.com".
(Note: "your-domain-name.com" is a domain name we will use as an example.)
your-domain-name.com 10800 IN TXT "v=spf1 include:includespf.security-mail.net -all"
Adding the DKIM Record
The DKIM record ensures that your domain has not been spoofed and that the message has not been altered during transmission.
- Generate your DKIM key:
  - Log in to the e-securemail interface.
  - Navigate to Configuration > Domain Settings > DKIM.
- Add the DKIM key to your domain’s DNS records:
  - Name: sec-sig-email._domainkey
  - TTL: 3600
  - Format: TXT
  - Name:
Adding the DMARC Record
The DMARC record tells receiving mail servers how to handle emails from your domain that fail SPF and DKIM checks, providing protection against spoofing and phishing by indicating whether such messages should be accepted, quarantined, or rejected.
- Generate a DMARC record:
  - Log in to the console at https://support.security-mail.net/.
  - Navigate to Reports => DMARC.
Example DMARC Record:
Below is an example of a DMARC record for the domain example.com that uses the policy "none" and sends reports to the email address dmarc@secuserve.com:
v=DMARC1; p=none; rua=mailto:dmarc@secuserve.com
3. Automated deployment:
Log in to your e-securemail interface at https://www.security-mail.net/, select the relevant domain (from your list of domains), then go to Administration > Office 365 and choose Automatic.
Choose the domain to configure.
Active: Spam will be sent directly to the Junk folder in Microsoft 365 (You will not receive quarantine reports).
Inactive: Spam will be sent to the e-securemail quarantine (You will receive quarantine reports).
Enter the email address of the Microsoft Admin account, then click Download.
Run the file with PowerShell as Administrator.
A Microsoft authentication prompt will appear; log in with the Microsoft Admin account.
4. Modify DNS records (MX):
Once the destination mail server is updated, configure the MX records to redirect traffic to our gateways.
This reduces the attack surface on your Microsoft 365 mailboxes. Update the MX records with the following information:
Priority    Mail Server
10          france.security-mail.net.
20          europe.security-mail.net.
Some registrars require you to add a trailing dot after .net to complete the registration.
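
The following is an added example, not part of the e-securemail documentation or its deployment script: a Python check that audits the records from steps 2 and 4 once you have looked them up. The function names and sample values are constructed for illustration, and the DMARC TXT record is assumed to be published at _dmarc.<your domain>, as the DMARC standard specifies.

```python
# Added example: offline audit of the step 2 and step 4 DNS records.
SPF_INCLUDE = "include:includespf.security-mail.net"
GATEWAYS = {"france.security-mail.net", "europe.security-mail.net"}


def parse_tags(record):
    """Split a 'tag=value; tag=value' DMARC record into a dict."""
    pairs = (p.split("=", 1) for p in record.split(";") if "=" in p)
    return {k.strip().lower(): v.strip() for k, v in pairs}


def audit(apex_txt, dmarc_txt, mx_hosts):
    """Return findings for TXT at the domain, TXT at _dmarc.<domain>, and MX hosts."""
    findings = []
    spf = [t for t in apex_txt if t.lower().startswith("v=spf1")]
    if len(spf) != 1:
        # RFC 7208: several SPF records make receivers return permerror.
        findings.append(f"expected exactly 1 SPF record, found {len(spf)}")
    else:
        terms = spf[0].lower().split()
        if SPF_INCLUDE not in terms:
            findings.append("SPF lacks include:includespf.security-mail.net")
        if "-all" not in terms:
            findings.append("SPF has no '-all' (hard fail) term")
    dmarc = [t for t in dmarc_txt if t.lower().startswith("v=dmarc1")]
    if len(dmarc) != 1:
        findings.append(f"expected exactly 1 DMARC record, found {len(dmarc)}")
    else:
        tags = parse_tags(dmarc[0])
        policy = tags.get("p", "").lower()
        if policy not in ("none", "quarantine", "reject"):
            findings.append(f"DMARC p= missing or invalid: '{policy}'")
        elif policy == "none":
            findings.append("DMARC p=none is monitor-only: no action requested on failures")
        if "rua" not in tags:
            findings.append("DMARC has no rua= address for aggregate reports")
    published = {h.lower().rstrip(".") for h in mx_hosts}
    # An MX outside the gateways lets senders reach the mailboxes unfiltered.
    findings += [f"MX {h} bypasses the gateways" for h in sorted(published - GATEWAYS)]
    findings += [f"gateway MX {h} is not published" for h in sorted(GATEWAYS - published)]
    return findings


if __name__ == "__main__":
    # Constructed sample: soft-fail SPF and a leftover direct Microsoft 365 MX.
    mx = ["france.security-mail.net.", "yourdomain-com.mail.protection.outlook.com."]
    print(audit(["v=spf1 include:includespf.security-mail.net ~all"],
                ["v=DMARC1; p=none; rua=mailto:dmarc@secuserve.com"], mx))
```

An empty list means the records match what this article asks for; the article's own DMARC example (p=none) is reported as monitor-only.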